1. Field of the Invention
Embodiments of the present invention generally relate to computer security systems and, more particularly, to a method and apparatus for detecting legitimate computer operation misrepresentation.
2. Description of the Related Art
Widespread Internet usage by small to large organizations results in an increase in computer-related attacks. Various malicious software programs (e.g., viruses, Trojan horses, worms and/or the like) cause many of these computer-related attacks. These malicious software programs may be transmitted (i.e., downloaded) to a vulnerable computer without user consent and/or knowledge as executable programs, email attachments, multimedia files (e.g., video files, audio files and/or the like), malicious HTML code on web pages and/or the like.
The malicious software programs may exert control over an operating system and modify various files (e.g., system registry entries) and/or settings (e.g., background color, screen saver and/or the like) in order to disrupt normal operation. The malicious software programs may also exploit the user computer for illegitimate purposes. For example, a certain malicious software program may misappropriate sensitive data, such as intellectual property, customer data, medical histories, financial records, purchase orders, legal documents, privileged and/or confidential information, social security numbers, addresses, pictures, documents, contacts and/or the like.
Occasionally, a user may be enticed and/or redirected to a website that hosts such malicious software programs. The user may be enticed by an email or a posting on social networking websites (e.g., Orkut, Facebook and/or the like) that includes a link to the website. The user may also be enticed when search engine search results provide links to the website. For example, a hacker may fill hosted webpages with common keywords in order to gain a higher ranking by the search engine. When the user inputs any of these keywords, the search engine provides links to these webpages amongst the top ten search results. Upon accessing the website and following given instructions, the user computer downloads the malicious software programs, which may corrupt critical data and/or cause a system crash or system malfunctioning.
For example, fraudulent virus scanning software programs may pretend to scan the user computer for malicious software programs. The fraudulent virus scanning software programs purport to be legitimate anti-virus scanners and trick the user using similar imagery. For example, these fraudulent virus scanning software programs may depict progress bars, alert dialog boxes, malware names, drives scanned and/or infected and/or the like. After the user follows fraudulent instructions, a malicious software program may be downloaded to the user computer without the user's consent. The malicious software program may subsequently modify the user's settings (e.g., home page, error page, desktop background and/or the like) and/or prompt the user to purchase an updated version.
Accordingly, small to large organizations may employ various security software programs (e.g., anti-virus, anti-spyware and/or anti-phishing software programs) to detect and prevent the execution of such malicious software programs. The security software programs, however, depend upon prior knowledge of signatures and, therefore, are limited to detecting malicious software programs for which the signature is available. Accordingly, the security software programs are unable to detect a malicious software program for which a code-based signature or an activity-based signature is unknown. Further, the security software programs cannot identify legitimate computer operation misrepresentation.
Therefore, there is a need in the art for a method and apparatus for detecting legitimate computer operation misrepresentation.